CVE-2017-15671 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Denial of service
Description	The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-460	glibc, lib32-glibc	2.26-8	2.26-9	High	Fixed

Date	Advisory	Group	Package	Severity	Type
10 Jan 2018	ASA-201801-9	AVG-460	glibc	High	multiple issues
10 Jan 2018	ASA-201801-8	AVG-460	lib32-glibc	High	multiple issues

References
http://seclists.org/oss-sec/2017/q4/119 https://sourceware.org/bugzilla/show_bug.cgi?id=22325 https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=f1cf98b583787cfb6278baea46e286a0ee7567fd https://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=6803dda53781f7da920f568a31610d41e5c3a351

References

http://seclists.org/oss-sec/2017/q4/119
https://sourceware.org/bugzilla/show_bug.cgi?id=22325
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=f1cf98b583787cfb6278baea46e286a0ee7567fd
https://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=6803dda53781f7da920f568a31610d41e5c3a351